Menu
Microsoft extends SmartScreen browsing protection to foil malvertising and exploit kits

Microsoft extends SmartScreen browsing protection to foil malvertising and exploit kits

The technology can now block websites or malicious ads that try to exploit vulnerabilities in popular software

Microsoft SmartScreen, the phishing and malware filtering technology built into Internet Explorer, Edge and Windows, has now been updated to block Web-based attacks that silently exploit software vulnerabilities to infect computers.

Such attacks are known as drive-by downloads, because they don't require user interaction aside from browsing to a malicious website or a legitimate one that has been compromised.

To launch such attacks, hackers use tools known as exploit kits that take advantage of vulnerabilities in the OS, the browser, or popular software like Flash Player, Silverlight and Java.

While exploit kits typically target vulnerabilities after they have been patched by software vendors, there have been cases when they've exploited previously unknown flaws that are known in the security industry as zero-days. In addition, the time window between when patches are released and when attackers start targeting the fixed flaws has significantly shrunk in recent years, giving users less time to update.

According to Microsoft, this year exploit kit authors have integrated exploits for 4 new vulnerabilities within 30 days after they were patched, for 6 flaws within 10 days, and for 5 before they even had a fix available.

A popular method of targeting users' browsers with exploit kits is through malicious advertisements displayed on popular websites, or malvertising.

While ad networks have been trying to prevent such abuse for years, attackers still manage to find ways around their defenses because of the highly complex nature of the online advertising ecosystem where ads can pass through five or more intermediaries before they reach a user's browser.

With the latest update for Windows 10, Microsoft has extended SmartScreen to block drive-by attacks in Microsoft Edge and Internet Explorer 11, the Microsoft Edge Team said Wednesday in a blog post.

The new capability is based on the security intelligence that Microsoft receives from multiple products such as Microsoft Edge, Internet Explorer, Bing, Windows Defender and the Enhanced Mitigation Experience Toolkit (EMET).

Thanks to this data, which includes behavioral telemetry, SmartScreen can even detect attacks that exploit zero-day vulnerabilities, according to Microsoft.

For example, in December last year, Defender and EMET picked up new exploits that were targeting millions of users through malicious ads, the company said. Those exploits were part of an exploit kit called HanJuan and were targeting a previously unknown vulnerability in Flash Player that was later reported to Adobe and patched.

When SmartScreen blocks drive-by download attacks, it will display a red warning instead of the Web page that the user is trying to access, or inside a frame on that Web page. That's because the technology can selectively block malicious ads loaded inside HTML frames on legitimate websites, while letting users interact with the rest of the content of those websites.

"When drive-by attacks target vulnerabilities that have already been fixed in popular software, your browser, or your operating system, it’s vital that you install security updates when they become available," the Microsoft Edge Team said.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments